A company with strict security policies requires that user passwords must never be synchronized to the cloud, not even in a hashed format. They want to implement Single Sign-On (SSO) for Microsoft 365 and Azure applications using their on-premises Active Directory. Which hybrid identity authentication method should you recommend?

Answer options:

Password Hash Synchronization (PHS).

Pass-through Authentication (PTA).

Azure AD Domain Services.

Microsoft Entra B2B.

How to approach this question

Identify the hybrid auth method that validates credentials on-premises without syncing hashes.

Full Answer

B.Pass-through Authentication (PTA).✓ Correct

Pass-through Authentication (PTA).

Pass-through Authentication (PTA) allows users to sign in to both on-premises and cloud-based applications using the same passwords, validating them directly against on-premises Active Directory without storing hashes in the cloud.

Common mistakes

Choosing PHS, which explicitly violates the 'no hash sync' requirement.

Question 07 All questions Question 09

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 6

55 questions · hints · full answers · grading

More questions from this exam

Q01Contoso Ltd is a global manufacturing company with 50,000 employees. They operate a mix of on-pre...Medium Q02A financial institution has 500 Windows Server VMs on-premises and 200 VMs in Azure. They need to...Hard Q03An enterprise uses Azure Sentinel and Log Analytics. They ingest 500 GB of logs daily. The IT bud...Hard Q04You are designing a monitoring strategy for a new Azure deployment consisting of App Service, Azu...Easy Q05A healthcare company uses Microsoft Entra ID (Azure AD). They need to implement a security policy...Medium

View all 55 questions →